On Wed, 15 Jan 2020 at 13:36, Simon B <[email protected]> wrote:
> On Wed, 15 Jan 2020 at 13:40, Matus UHLAR - fantomas <[email protected]> > wrote: > > > > >> On Mon, Jan 13, 2020 at 06:25:27PM +0100, Simon B wrote: > > >> > > > >> >Since upgrading to 2.11 yesterday (yes, I am on a path to > move up > > >> > > > >> >through debian versions), all mail coming in on > > >> > > > >> >postfix/submission/smtpd is being rejected by the domain > check in that > > >> > > > >> >file, even though the user is sasl authenticated. > > > > >On Mon, 13 Jan 2020 at 18:44, Viktor Dukhovni > > ><[email protected]> wrote: > > >> Note, Postfix 2.11 (actually 2.10 IIRC) adds > "smtpd_relay_restrictions", > > >> which you don't override in the submission service definition: > > > > On 15.01.20 13:19, Simon B wrote: > > >Cause and effect in one simple sentence - thanks Viktor! > > > > if you use debian, the default smtpd_relay_restrictions should contain: > > > > smtpd_relay_restrictions=permit_mynetworks permit_sasl_authenticated > defer_unauth_destination > > That results in this > Jan 15 13:32:53 mail postfix/smtpd[743]: NOQUEUE: reject: RCPT from > localhost[127.0.0.1]: 451 4.3.5 Server configuration error; > > > which is the default value. It's added in postfix postinst script. > > > > ...unless you have overridden it, in such case it contains what you put > > there. > > > > >Now looks like this... > > > > > > 10 submission inet n - n - - smtpd > > > 11 -o syslog_name=postfix/submission > > > > >Which seems to have solved the problem - or at least just kicked it > > >down the road. Now there's a slightly different format of the error > > >when receiving mail from the amavis filter... > > > > > >Jan 15 11:39:31 mail postfix/smtpd[31588]: connect from > localhost[127.0.0.1] > > >Jan 15 11:39:31 mail postfix/smtpd[31588]: NOQUEUE: reject: RCPT from > > >localhost[127.0.0.1]: 554 5.7.1 <amavisd.example.net>: Helo command > > >rejected: Host not found; from=<[email protected]> to=< > > >[email protected]> proto=ESMTP helo=<amavisd.example.net> > > > > note that this says "postfix/smtpd" and thus it's not related to > master.cf > > definition of submission above, then would say "postfix/submission/smtpd" > > Correct. The submission problem is now solved. The problem is now > receiving mail back from amavis. > > > >Jan 15 11:39:31 mail amavisd-new[2303]: (02303-14) smtp resp to RCPT > > >(pip) (<[email protected]>): 554 5.7.1 <amavisd.example.net>: Helo > > >command rejected: Host not found > > > > >Despite the fact that I changed those receiver settings in master.cf > to: > > > > > >118 #The amavis reciever > > >119 127.0.0.1:10025 inet n - - - - smtpd > > >120 -o content_filter= > > >121 -o local_recipient_maps= > > >122 -o relay_recipient_maps= > > >123 -o smtpd_restriction_classes= > > >124 -o > smtpd_client_restrictions=permit_mynetworks,reject_plaintext_session > > >125 -o smtpd_helo_restrictions=permit_mynetworks > > >126 -o smtpd_sender_restrictions= > > >127 -o smtpd_recipient_restrictions=permit_mynetworks,reject > > >128 -o mynetworks=127.0.0.0/8 > > >129 -o strict_rfc821_envelopes=yes > > >130 -o > receive_override_options=no_unknown_recipient_checks,no_header_body_checks > > >131 -o smtp_bind_address=127.0.0.1 > > > > > >At the moment nothing is going through amavis in either direction, so > > >that's a problem... > > > > are you sure amavis sends mail through port 10025? > > Hi Matus, > > Yes, very sure. > > if I turn on -v logging for that hop, I am concerned about these lines > in the log. > > Jan 15 13:09:01 mail postfix/smtpd[466]: < localhost[127.0.0.1]: EHLO > amavisd.localhost > Jan 15 13:09:01 mail postfix/smtpd[466]: match_list_match: localhost: no > match > Jan 15 13:09:01 mail postfix/smtpd[466]: match_list_match: 127.0.0.1: no > match > and > Jan 15 13:09:01 mail postfix/smtpd[466]: generic_checks: > name=permit_mynetworks > Jan 15 13:09:01 mail postfix/smtpd[466]: permit_mynetworks: localhost > 127.0.0.1 > Jan 15 13:09:01 mail postfix/smtpd[466]: match_hostname: localhost ~? > 127.0.0.0/8 > Jan 15 13:09:01 mail postfix/smtpd[466]: match_hostaddr: 127.0.0.1 ~? > 127.0.0.0/8 > Jan 15 13:09:01 mail postfix/smtpd[466]: match_list_match: > permit_mynetworks: no match > culminating in > Jan 15 13:09:01 mail postfix/smtpd[466]: NOQUEUE: reject: RCPT from > localhost[127.0.0.1]: 554 5.7.1 <amavisd.localhost>: Helo command > rejected: Host not found; from=<[email protected]> > to=<[email protected]> proto=ESMTP helo=<amavisd.localhost> > > > permit_mynetworks should be permitting that, not offering no match. > Is amavis running on the local machine? The smtpd process listening for amavis seems unable to match amavis's ip either to local host or to 127.0.0.1. As as workaround you could change the 'permit_mynetworks' setting on this smtpd process to 'permit'. If you have firewalled port 10025 it should be reasonably safe I think?
